layer 2 VPN problems

  • Question
  • Updated 3 years ago
  • Answered
I have set up the configuration for a layer 2 VPN from an AP121 at a remote office to an AP230 at our head office. Config sent to the devices which have been set as client and server respectively. Port forwards set at both ends as both APs sit behind NAT devices, and SSID selected to use the VPN. The VPN between the devices is not established and if I try to connect to the SSID at the remote site I am asked for the PSK but it does not accept it.
To start troubleshooting I have connected to the same LAN as the management interface on the AP230 and done a port scan to see if ports 500 and 4500 are open on the AP. They are not. I have scanned port 22 and this is open as I would expect as SSH is enabled in Traffic Filter settings. So, I would have expected ports 500 and 4500 to be open on the AP230 management interface; is there anything else I need to enable other than the VPN profile to make these ports open on the AP?

Any thoughts on troubleshooting this further would be much appreciated.

Joseff Harris


Posted 3 years ago


Manoah Coenraad, Champ

Hello Joseff,

As far as I know, it is not possible to set an AP230 as a VPN server.
You can only set an AP330/350 as a VPN server.

Joseff Harris

Hi Manoah,

That could be it, although I did specifically check this point with my reseller before purchasing the AP230. If an Aerohive employee can chip in here with a definitive answer on AP230 VPN capabilities, that may save me bashing my head against a brick wall.

David Coleman, Official Rep

Manoah is correct.

The AP330 and 350 have VPN accelerator chips in them and therefore they can function as a VPN server that can terminate as many as 128 Layer 2 VPN tunnels. The AP230 does not.

The better way to go is to use one of our VPN Gateways (Virtual or Physical), which can terminate 1000+ tunnels and can function as either Layer 2 or Layer 3 VPN servers.

http://www.aerohive.com/products/software-management/vpn-gateway

 

Joseff Harris

Hi David,

Thanks for the swift response, saved my weekend. Went for the AP route as we are a Hyper-V shop when it comes to running virtual machines and we only need 10 tunnels, and asked the reseller about the 230 as we wanted the AC capability. Back to the reseller on this one.